๐ซ๐ท
dynamix
2026-07-15 02:40:38
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 11:19:48
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 07:19:40.813194 2026] [security2:error] [pid 11158:tid 11158] [client 103.132.249.188:64025] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.249.188 (+1 hits since last alert)|faithlines.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "faithlines.com"] [uri "/xmlrpc.php"] [unique_id "alYbTPYr0dH5YFibQk0I7AAAADM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-07-14 06:32:06
(3 days ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐บ๐ธ
IndigoRidge
2026-07-12 15:48:22
(4 days ago)
103.132.249.188 - - [12/Jul/2026:11:47:17 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5547 "-" "WordPress ...
show more
103.132.249.188 - - [12/Jul/2026:11:47:17 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5547 "-" "WordPress.com; https://wordpress.com"
103.132.249.188 - - [12/Jul/2026:11:47:39 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5547 "-" "WordPress.com; https://wordpress.com"
103.132.249.188 - - [12/Jul/2026:11:47:49 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5547 "-" "WordPress.com; https://wordpress.com"
103.132.249.188 - - [12/Jul/2026:11:48:11 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5547 "-" "WordPress.com; https://wordpress.com"
103.132.249.188 - - [12/Jul/2026:11:48:21 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5547 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-10 06:55:40
(1 week ago)
103.132.249.188 - - [10/Jul/2026:02:54:57 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5122 "-" "Jetpack b ...
show more
103.132.249.188 - - [10/Jul/2026:02:54:57 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5122 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
103.132.249.188 - - [10/Jul/2026:02:55:07 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5122 "-" "Jetpack/12.1; WordPress/6.4; http://site94539642.com"
103.132.249.188 - - [10/Jul/2026:02:55:18 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5122 "-" "Jetpack/13.0; WordPress/6.1; http://site49138911.com"
103.132.249.188 - - [10/Jul/2026:02:55:29 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5122 "-" "WordPress.com; https://wordpress.com"
103.132.249.188 - - [10/Jul/2026:02:55:39 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5122 "-" "Jetpack/12.1; WordPress/6.3; http://site55356278.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 06:16:56
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 02:16:49.698365 2026] [security2:error] [pid 12690:tid 12690] [client 103.132.249.188:60436] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.249.188 (+1 hits since last alert)|magacine.tv|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "magacine.tv"] [uri "/xmlrpc.php"] [unique_id "alCOUaSZNTq1znnWrPT1JgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-07-07 15:27:09
(1 week ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 02:26:48
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 22:26:42.176564 2026] [security2:error] [pid 2850:tid 2850] [client 103.132.249.188:53110] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.249.188 (+1 hits since last alert)|celebritybikinigossip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "celebritybikinigossip.com"] [uri "/xmlrpc.php"] [unique_id "aksSYoTS9jXKUjwViREZ4wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 15:30:11
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.132.249.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 11:30:02.880037 2026] [security2:error] [pid 21968:tid 21968] [client 103.132.249.188:57351] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.249.188 (+1 hits since last alert)|brianwhitty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brianwhitty.com"] [uri "/xmlrpc.php"] [unique_id "akp4enzBq4LaALU8LzQAlgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-07-03 12:41:56
(2 weeks ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot